Skip to main content

Configuring Decision Mappings

Use an authz decision and locate the path to the allow field in its JSON output.

In the Styra DAS decision log, the last three decisions appear at the bottom in the following order:

  • display
  • pull
  • authz

Click on the authz decision expand/collapse arrow to view its JSON output, as shown below.

{
    "path": "rules/authz",
    "policy_type": "rules",
    "reason": {
        "value": "[]"
    },
    "received": "2020-06-05T15:52:41.722Z",
    "requested_by": "172.18.0.4:57546",
    "result": {
        "allow": true,
        "errors": []
    },
    "system_id": "c070dcb2e1c24ec4a247a0d1540c2701",
    "system_type": "custom",
    "timestamp": "2020-06-05T15:52:32.686Z"
}

The authz decision should be treated as an Allow or Deny decision. The field within the decision log entry that indicates Allow or Deny is result.allow, shown below. If result.allow is true, the decision is Allowed; otherwise, it is Denied.

"result": {
    "allow": true,
    "errors": []
}

Configure the Decision Mappings for your Custom System so Styra DAS knows which ones are allowed or denied decisions.

  1. Click on Settings > Decision Mappings.

  2. In the Decision Mappings page, for the Path to decision and Path to message properties, enter the following values:

    • Path to decision: result.allow
    • Path to message: result.errors

  3. Click Save changes.

note

Use the Copy JSON path action to copy path references from a decision and paste it into a Decision Mappings path field.